How crime went online and security agencies followed

The dramatic personal story of the whistleblower Edward Snowden has tended to obscure the substance of what he's revealed to the world. Just in the last couple of days, the latest revelations have shown that a branch of the US National Security Agency has been collecting vast amounts of global financial data. That could mean your credit card transactions or mine.

Transcript

icon-plusicon-minus

MARK COLVIN: The dramatic personal story of the whistleblower Edward Snowden has obscured some of the substance of what he's revealed to the world.

Just in the last couple of days, the latest revelations have shown that a branch of the US National Security Agency, the NSA, has been collecting vast amounts of global financial data. That could mean your credit card transactions or mine.

That's on top of the documents that have already come out showing that the NSA has an almost unlimited ability to spy on most of what we say on the phone or write online.

Nate Anderson is the author of The Internet Police: How crime went online and the cops followed.

We began by talking about a child pornography arrest in Australia five years ago that led to much bigger things.

NATE ANDERSON: It started back in Australia, when detectives found a man's computer. It had a video on it of a child being abused. The child and the man in the video with her spoke with Flemish accents, so finding this one video on this one computer led police to try and trace back what had happened, who it happened to.

And they sent the video to Belgian investigators who amazingly were able to find the actual people depicted in the video. They determined it was a father raping his two children I believe. They were then able to find, by tracing his movements, the studio in the Ukraine where the filming had taken place. There was an actual studio that was set up to film these sorts of events.

The guy running it, after more detective work, turned out to be an Italian national. It was hard to get him from the Ukraine, but he travelled back and forth and the Italian police arrested him in Italy at one point. When they did that, they got access to his mailing list of 50,000 email addresses. These are people who are interested in the material he was producing, and so that was then distributed to police all over Europe and then every address that looked like it was an American was sent to the US.

So these spawned two massive investigations called Operation Koala in Europe and in the US, Operation Nest Egg and Operation Joint Hammer, and together these unveiled a set of child pornography rings that had never been discovered before, and infiltrating those rings, breaking them up, led police to new rings, which has led them to new rings beyond that.

In fact, police are now three or four levels deep and some of these prosecutions are just coming into court here in the US that are three removes back from these investigations and go all the way back to an Australian case about five or six years ago now.

MARK COLVIN: Now, some people say that child pornographers will escape this kind of detection by using something called the deep web. Is that possible, or are the police now capable of breaking that as well?

NATE ANDERSON: You know, the police have again - I think the theme of this internet policing over the last 10 years has been increasing ingenuity among the police, and that can be good or bad, but you see this with child pornography as well.

So this week actually, the FBI publicly admitted in an Irish court that it had been behind the infiltration of a tool called Tor, which is one of the most widely used tools for this deep web material that you're talking about, that makes it very difficult to identify where servers are, where you are, and the FBI had actually exploited that network - cracked it open in a small way - in order to find an Irish internet provider that was offering services to child pornographers.

MARK COLVIN: If all of this was just about child pornography, I guess few people would have much a of a problem with it, but we now know - and especially since the Edward Snowden revelations and what you just told us about the FBI and Tor - we now know that American officials particularly have the ability to spy on just about everybody.

What does the ordinary person, what kind of weapons, does the ordinary person have to fight back against that?

NATE ANDERSON: It's unclear if the ordinary person has any weapons at this point. I think the revelations from this year have really shown that unless you really, really know what you're doing, if a national government - especially one associated with the US intelligence apparatus - wants to spy on your communications, they can probably do so.

We still don't know quite how far these things extend, but the capabilities that have been revealed already are impressive and can be quite scary.

Even people who I work with who are incredibly technical have difficulty setting up something as simple as encrypted email to use with sources and with each other. It's a huge hassle, it's clunky, it doesn't always work well, and I think if that's the case for people who deal with this stuff on a daily basis, it's hard to see a lot of hope with current tools for people with even less technical knowledge.

MARK COLVIN: I've read a lot of outrage about the NSA breaking its own rules in terms of spying on US citizens, but are there any rules at all about what it can do in terms of spying on foreigners like us, like Australians?

NATE ANDERSON: Not much, no. That is the whole purpose of the NSA, ostensibly, and it's inspired a lot of outrage, as you say, from those who are outside the US who say to themselves, well that's fine, maybe some of these practices aren't violating any US laws or norms, but why should I care about that? I still don't want to be spied upon.

And I think it gets to the problem here. The reason that so much of this is happening is because there used to be separate networks. You could spy on Soviet fleet transmissions, or something where once you cracked it open you had access largely to people that you classed as an enemy or a target, and that's not the case with the internet.

And since everyone has moved onto the internet, the NSA has apparently decided the only way to get information is to spy on the internet, and that means by definition spying on just about everyone.

MARK COLVIN: Nate Anderson, author of The Internet Police: How crime went online and the cops followed.